longbridge
Warn
Audited by Snyk on Jun 18, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W009: Direct money access capability detected (payment gateways, crypto, banking).
- Direct money access detected (high risk: 1.00). The skill is a dedicated trading CLI using the longport/longbridge SDK with explicit, specific capabilities to place and cancel market/limit orders (commands shown: place, cancel), view account/positions, and requires trading credentials (App Key / App Secret / Access Token). It explicitly supports live order placement (with --confirm-live) and operates on real markets (US, HK, A-share). These are direct market-order and account-managing functions (i.e., moving assets/funds), so this is Direct Financial Execution.
Issues (1)
W009
MEDIUMDirect money access capability detected (payment gateways, crypto, banking).
Audit Metadata